VoIP: SIP-over-TLS and sRTP: Mitel

The Mitel 6800 Series (formerly Aastra 6800i Series) supports Open SIP out of the box, so you can use it with VoIP/SIP servers like Digium Asterisk or with public VoIP/SIP providers. The phone interface, web interface, and provisioning interface do not offer the same feature set, and none of them is a superset of the others. For me, a combination of the phone and web interface was sufficient. Several web pages exist (per model, platform, and language), each with different firmware versions. To find the latest firmware, the user has to hack the web page. This could be easily solved, but Mitel showed no interest. Go figure!

Last tested firmware

5.1.0.2047
retested in Nov. 2019 with 5.1.0.3070
retested in May 2020 with 5.1.0.5046
5.1 Guide for Administrators

Configuration

Password: admin/22222
Web → User Password
HTTPS: enabled out of the box
Update: Web → Firmware Update
The HTTP(S) client does not support DNS CNAME, the HTTP Host header, HTTP redirects, or TLS SNI. Therefore, you have to use a domain without virtual hosting, or simply an IP address instead of a domain. Alternatively, use Recovery Mode, where you can upload a file directly. Fixed with firmware 3092.
Trust Anchors: Web → TLS → Trusted Certificates Filename: Base64
like http://www.traud.de/voip/common.pem
SIP-URI User: Web → Global SIP → Phone number
Web → Global SIP → Authentication Name
SIP-URI Host: Web → Global SIP → Proxy Server
Web → Global SIP → Registrar Server
SIP-over-TLS: Web → Global SIP → Transport Protocol → Persistent TLS
SDES-sRTP: Web → Global SIP → RTP Encryption: SRTP Preferred
which is an RTP/AVP media line with a=crypto attributes (not RTP/SAVP)

Software Bugs

DNS-NAPTR: missing
Session Timers: broken; the sRTP ROC is reset when the remote party sends a re-INVITE
Mitigation: Web → Global SIP → Session Timer: 0
not a full mitigation, because the remote party can still send a re-INVITE at any time
Source port not random by default
Mitigation: Web → Global SIP → Local SIP TLS Port: 0
with that, the SIP Contact header carries no port at all (instead of the actual one)
Mitigation: Configuration File with ‘sips symmetric tls signaling: 0’
like Web → Configuration Server → Download Protocol: HTTP → HTTP Server: www.traud.de → HTTP Path: voip

Security

Bugs: missing TLS_ECDHE_[RSA|ECDSA]_WITH_AES_128_GCM_SHA256 (fixed in Feb. 2020 with firmware 4040),
SDES-sRTP key with reduced entropy (keys observed were ASCII; fixed in Nov. 2019 with firmware 3070),
cipher suites included RC4, single DES, EXPORT, and anonymous suites (fixed with firmware 2047)
Responsible Disclosure: via PSIRT team
Firmware Update: missing Automation
missing Newsletter
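As an added example (not from this page and not Mitel's code), the following Python inspects an SDP offer for the two points above: whether SDES is carried on an RTP/AVP media line ("RTP/AVP with crypto", as in the Configuration section) and whether the inline master key||salt consists only of printable ASCII, the symptom of the reduced-entropy bug fixed with firmware 3070. The sample keys and the offer are constructed, not captured from a phone.

```python
import base64
import re

# Master key + master salt length in bytes per crypto suite (RFC 4568).
SUITE_KEY_SALT_LEN = {"AES_CM_128_HMAC_SHA1_80": 30, "AES_CM_128_HMAC_SHA1_32": 30}
# a=crypto:<tag> <suite> inline:<base64 key||salt>[|lifetime][|MKI:len]
CRYPTO_RE = re.compile(r"^a=crypto:(\d+)\s+(\S+)\s+inline:([A-Za-z0-9+/=]+)")


def inspect_sdp(sdp: str) -> list:
    """One finding per a=crypto line, tied to the preceding m=audio profile."""
    findings, profile = [], None
    for raw in sdp.splitlines():
        line = raw.strip()
        if line.startswith("m=audio"):
            profile = line.split()[2]  # RTP/AVP or RTP/SAVP
            continue
        m = CRYPTO_RE.match(line)
        if not m:
            continue
        tag, suite, b64 = m.groups()
        key_salt = base64.b64decode(b64)
        expected = SUITE_KEY_SALT_LEN.get(suite)
        findings.append({
            "tag": int(tag),
            "suite": suite,
            "profile": profile,
            # SDES carried on RTP/AVP ("RTP/AVP with crypto") instead of RTP/SAVP
            "sdes_on_avp": profile == "RTP/AVP",
            "length_ok": expected is not None and len(key_salt) == expected,
            # every byte printable ASCII: key space shrunk to ~6.6 bits per byte
            "ascii_only": all(0x20 <= b <= 0x7E for b in key_salt),
        })
    return findings


def make_offer(profile: str, key_salt: bytes) -> str:
    """Build a minimal constructed SDP offer carrying one a=crypto line."""
    inline = base64.b64encode(key_salt).decode()
    return "\r\n".join([
        "v=0", "o=- 1 1 IN IP4 192.0.2.10", "s=-", "c=IN IP4 192.0.2.10", "t=0 0",
        f"m=audio 3000 {profile} 0 8", "a=rtpmap:0 PCMU/8000",
        f"a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:{inline}|2^31",
    ])


# Constructed sample keys, not captured from any device.
ASCII_KEY_SALT = b"Mitel6800iSampleKeyAndSalt0123"  # 30 printable bytes
RANDOM_KEY_SALT = bytes.fromhex(
    "9f3c0e5ab7d2416e8c0ff1a39b6d5e7c2a8d4f0b1e6c7a9d3f5b8e2c1a4d")  # 30 bytes
```

Run `inspect_sdp` over the SDP body of a captured INVITE (or over `make_offer(...)` for the constructed samples); an `ascii_only` finding on a live offer indicates a phone still running the affected firmware.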

Miscellaneous

Model Range

Power Supply

48 V ?.? A, Coaxial: 5.5 mm × 2.1 mm
